Difference between revisions of "FLOSSHack One"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
== FLOSSHack One ==
+
The first [[FLOSSHack]] workshop will be held on July 1st, 2012 from noon to 4pm at [http://www.freegeek.org/ Free Geek].  The workshop's target will be the [http://ushahidi.com/about-us Ushahidi] platform.  An overview of the FLOSSHack workflow can be found on the "[[FLOSSHack for Participants]]" page.  The primary organizers for this event are Timothy D. Morgan and Wil Clouser.
 
+
The first [[FLOSSHack]] event will be held on July 1st, 2012 from noon to 4pm at [http://www.freegeek.org/ Free Geek].  The workshop's target will be the [http://ushahidi.com/about-us Ushahidi] platform.  The primary organizers for this event are Timothy D. Morgan and Wil Clouser.
+
  
  
 
=== Getting Started ===
 
=== Getting Started ===
 +
The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed.  You can obtain this [http://c385457.r57.cf1.rackcdn.com/Ushahidi_VM.tar.gz here].  The version of the source code for audit is the latest commit on the [https://github.com/ushahidi/Ushahidi_Web/tree/master master branch].  This can be obtained with:
 +
  git clone -b master git://github.com/ushahidi/Ushahidi_Web.git
 +
 +
=== Competition Notes ===
 +
You are welcome to start looking for vulnerabilities '''right now'''.  If you do find any vulnerabilities in the application prior to the workshop, please email them to <code>tim . morgan |at| </code><code>owasp &#x2e; org</code>.  That way you get credit for them if you're the first to find a given flaw.  At the end of the workshop, there will be prizes for both finding the "best" vulnerability and for finding the most vulnerabilities.  Also, be sure to keep any flaws you find under wraps so that way Ushahidi has some time to correct everything before they are made public.
 +
  
Approximately one week before the workshop, links will be posted here with the specific version of Ushahidi code that we will audit.  A virtual machine (VM) image will also be provided for download.  Participants are encouraged to begin the bug hunt as soon as these files are posted.  Happy hunting!
+
=== Ideas for Attacks ===
 +
TODO
  
An overview of the FLOSSHack workshop event can be found on the "[[FLOSSHack for Participants]]" page.
+
Good luck and happy hunting!

Revision as of 12:47, 25 June 2012

The first FLOSSHack workshop will be held on July 1st, 2012 from noon to 4pm at Free Geek. The workshop's target will be the Ushahidi platform. An overview of the FLOSSHack workflow can be found on the "FLOSSHack for Participants" page. The primary organizers for this event are Timothy D. Morgan and Wil Clouser.


Getting Started

The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed. You can obtain this here. The version of the source code for audit is the latest commit on the master branch. This can be obtained with:

 git clone -b master git://github.com/ushahidi/Ushahidi_Web.git

Competition Notes

You are welcome to start looking for vulnerabilities right now. If you do find any vulnerabilities in the application prior to the workshop, please email them to tim . morgan |at| owasp . org. That way you get credit for them if you're the first to find a given flaw. At the end of the workshop, there will be prizes for both finding the "best" vulnerability and for finding the most vulnerabilities. Also, be sure to keep any flaws you find under wraps so that way Ushahidi has some time to correct everything before they are made public.


Ideas for Attacks

TODO

Good luck and happy hunting!